# HG changeset patch
# User Maxim Dounin <mdounin@mdounin.ru>
# Date 1681702259 -10800
# Mon Apr 17 06:30:59 2023 +0300
# Node ID 072be0b91d77eb9c9ab15c20d4df04efac51106a
# Parent 20d603cd3cbeab89127108fe9cb6dffd0e9469e8
Tests: simplified mail_imap_ssl.t.

The test now uses improved IO::Socket::SSL infrastructure in Test::Nginx::IMAP.
While here, fixed incorrect port being used for the "trusted cert" test.

diff --git a/mail_imap_ssl.t b/mail_imap_ssl.t
--- a/mail_imap_ssl.t
+++ b/mail_imap_ssl.t
@@ -50,12 +50,12 @@ mail {
ssl_certificate 1.example.com.crt;

server {
- listen 127.0.0.1:8142;
+ listen 127.0.0.1:8143;
protocol imap;
}

server {
- listen 127.0.0.1:8143 ssl;
+ listen 127.0.0.1:8993 ssl;
protocol imap;

ssl_verify_client on;
@@ -63,7 +63,7 @@ mail {
}

server {
- listen 127.0.0.1:8145 ssl;
+ listen 127.0.0.1:8994 ssl;
protocol imap;

ssl_verify_client optional;
@@ -71,7 +71,7 @@ mail {
}

server {
- listen 127.0.0.1:8146 ssl;
+ listen 127.0.0.1:8995 ssl;
protocol imap;

ssl_verify_client optional;
@@ -80,7 +80,7 @@ mail {
}

server {
- listen 127.0.0.1:8147 ssl;
+ listen 127.0.0.1:8996 ssl;
protocol imap;

ssl_verify_client optional_no_ca;
@@ -140,46 +140,41 @@ foreach my $name ('1.example.com', '2.ex
###############################################################################

my $cred = sub { encode_base64("\0test\@example.com\0$_[0]", '') };
-my %ssl = (
- SSL => 1,
- SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
- SSL_error_trap => sub { die $_[1] },
-);

# no ssl connection

-my $s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:' . port(8142));
+my $s = Test::Nginx::IMAP->new();
$s->ok('plain connection');
$s->send('1 AUTHENTICATE PLAIN ' . $cred->("s1"));

# no cert

-$s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:' . port(8143), %ssl);
+$s = Test::Nginx::IMAP->new(SSL => 1);
$s->check(qr/BYE No required SSL certificate/, 'no cert');

# no cert with ssl_verify_client optional

-$s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:' . port(8145), %ssl);
+$s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:' . port(8994), SSL => 1);
$s->ok('no optional cert');
$s->send('1 AUTHENTICATE PLAIN ' . $cred->("s2"));

# wrong cert with ssl_verify_client optional

$s = Test::Nginx::IMAP->new(
- PeerAddr => '127.0.0.1:' . port(8145),
+ PeerAddr => '127.0.0.1:' . port(8995),
+ SSL => 1,
SSL_cert_file => "$d/1.example.com.crt",
- SSL_key_file => "$d/1.example.com.key",
- %ssl,
+ SSL_key_file => "$d/1.example.com.key"
);
$s->check(qr/BYE SSL certificate error/, 'bad optional cert');

# wrong cert with ssl_verify_client optional_no_ca

$s = Test::Nginx::IMAP->new(
- PeerAddr => '127.0.0.1:' . port(8147),
+ PeerAddr => '127.0.0.1:' . port(8996),
+ SSL => 1,
SSL_cert_file => "$d/1.example.com.crt",
- SSL_key_file => "$d/1.example.com.key",
- %ssl,
+ SSL_key_file => "$d/1.example.com.key"
);
$s->ok('bad optional_no_ca cert');
$s->send('1 AUTHENTICATE PLAIN ' . $cred->("s3"));
@@ -187,10 +182,10 @@ my $s = Test::Nginx::IMAP->new(PeerAddr
# matching cert with ssl_verify_client optional

$s = Test::Nginx::IMAP->new(
- PeerAddr => '127.0.0.1:' . port(8145),
+ PeerAddr => '127.0.0.1:' . port(8995),
+ SSL => 1,
SSL_cert_file => "$d/2.example.com.crt",
- SSL_key_file => "$d/2.example.com.key",
- %ssl,
+ SSL_key_file => "$d/2.example.com.key"
);
$s->ok('good cert');
$s->send('1 AUTHENTICATE PLAIN ' . $cred->("s4"));
@@ -198,10 +193,10 @@ my $s = Test::Nginx::IMAP->new(PeerAddr
# trusted cert with ssl_verify_client optional

$s = Test::Nginx::IMAP->new(
- PeerAddr => '127.0.0.1:' . port(8146),
+ PeerAddr => '127.0.0.1:' . port(8995),
+ SSL => 1,
SSL_cert_file => "$d/3.example.com.crt",
- SSL_key_file => "$d/3.example.com.key",
- %ssl,
+ SSL_key_file => "$d/3.example.com.key"
);
$s->ok('trusted cert');
$s->send('1 AUTHENTICATE PLAIN ' . $cred->("s5"));
@@ -211,9 +206,9 @@ my $s = Test::Nginx::IMAP->new(PeerAddr

my ($cipher, $sslversion);

-$s = get_ssl_socket(8143);
-$cipher = $s->get_cipher();
-$sslversion = $s->get_sslversion();
+$s = Test::Nginx::IMAP->new(SSL => 1);
+$cipher = $s->socket()->get_cipher();
+$sslversion = $s->socket()->get_sslversion();
$sslversion =~ s/_/./;

undef $s;
@@ -242,31 +237,3 @@ like($f, qr|^$cipher:$sslversion$|m, 'lo
}

###############################################################################
-
-sub get_ssl_socket {
- my ($port) = @_;
- my $s;
-
- eval {
- local $SIG{ALRM} = sub { die "timeout\n" };
- local $SIG{PIPE} = sub { die "sigpipe\n" };
- alarm(8);
- $s = IO::Socket::SSL->new(
- Proto => 'tcp',
- PeerAddr => '127.0.0.1:' . port($port),
- SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
- SSL_error_trap => sub { die $_[1] }
- );
- alarm(0);
- };
- alarm(0);
-
- if ($@) {
- log_in("died: $@");
- return undef;
- }
-
- return $s;
-}
-
-###############################################################################
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel